

Enable Apache Tomcat Security Manager

If CA Risk Authentication does not work on Apache Tomcat when the Java Security Manager is enabled, follow these steps to enable the Tomcat Security Manager to work with CA Risk Authentication:

  1. Navigate to the following Apache Tomcat installation location:
    <Tomcat_Home>\bin\
    
  2. Double-click the tomcat<version>w.exe file.

    The Apache Tomcat Properties dialog box appears.

  3. Activate the Java tab.
  4. In the Java Options section, add the following entries:
  5. Click Apply to save the changes.
  6. Click OK to close the Apache Tomcat Properties dialog box.
  7. Navigate to the following Apache Tomcat location:
    <Tomcat_Home>\conf\
    
  8. Open the catalina.policy file in a text editor of your choice.
  9. Add the following code in the WEB APPLICATION PERMISSIONS section.
    grant {
        permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}arcotuds${file.separator}-", "read";
        permission java.util.PropertyPermission "adb.converterutil", "read";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.security.SecurityPermission "putProviderProperty.BC";
        permission java.security.SecurityPermission "insertProvider.BC";
        permission java.security.SecurityPermission "putProviderProperty.SHAProvider";
        permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";
        permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
        permission java.net.SocketPermission "*:1-1023", "connect,resolve";
    };
    
  10. Add the following section to grant permission for Administration Console (arcotadmin) and User Data Service (arcotuds).
    grant codeBase "file:${catalina.home}/webapps/arcotuds/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.lang.RuntimePermission "accessClassInPackage.org.bouncycastle.asn1.*";
        permission java.security.AllPermission;
    };
    grant codeBase "file:${catalina.home}/webapps/arcotadmin/-" {
        permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
        permission java.security.AllPermission;
    };
    
  11. Save and close the file.
  12. Restart Apache Tomcat.
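
A check a reviewer might run over the edited catalina.policy, added here as an example and not part of the CA documentation: it parses the grant blocks and lists entries that apply to all code, grant AllPermission, allow sockets to any host, or allow recursive writes. The function name, rule labels and sample text (a subset of the entries in steps 9 and 10) are assumptions of this example.

```python
import re

# Sample input: a subset of the policy entries from steps 9 and 10 above.
SAMPLE_POLICY = r'''
grant {
    permission java.io.FilePermission "${arcot.home}${file.separator}-", "read,write";
    permission java.net.SocketPermission "*:1024-65535", "connect,accept,resolve";
    permission java.security.SecurityPermission "insertProvider.BC";
};
grant codeBase "file:${catalina.home}/webapps/arcotadmin/-" {
    permission java.lang.RuntimePermission "getenv.ARCOT_HOME", "";
    permission java.security.AllPermission;
};
'''

# Handles "grant { ... };" and "grant codeBase "..." { ... };" entries only
# (signedBy and principal clauses are outside the scope of this example).
GRANT_RE = re.compile(r'grant\s*(?:codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')


def audit_policy(text):
    """Return (scope, rule, detail) tuples for broad grants in a policy file."""
    text = re.sub(r'(?m)^\s*//.*$', '', text)  # drop full-line comments
    findings = []
    for code_base, body in GRANT_RE.findall(text):
        scope = code_base or "<all code>"
        perms = PERM_RE.findall(body)
        if not code_base and perms:
            # No codeBase: the entries apply to every code source in the JVM.
            findings.append((scope, "UNSCOPED_GRANT", f"{len(perms)} permissions"))
        for cls, target, actions in perms:
            acts = {a.strip() for a in actions.split(",") if a.strip()}
            name = cls.rsplit(".", 1)[-1]
            if name == "AllPermission":
                findings.append((scope, "ALL_PERMISSION", cls))
            elif name == "SocketPermission" and target.startswith("*"):
                findings.append((scope, "WILDCARD_SOCKET", target))
            elif name == "FilePermission" and target.endswith("-") and "write" in acts:
                findings.append((scope, "RECURSIVE_WRITE", target))
    return findings


if __name__ == "__main__":
    for scope, rule, detail in audit_policy(SAMPLE_POLICY):
        print(f"{rule:16} {scope}: {detail}")
```

To check the real file, pass the contents of catalina.policy from the conf directory to audit_policy. Each finding marks an entry to review for narrower scope; a code base that holds AllPermission already has every other permission listed in its block.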